Aggregator

Gundaz Aghayev 写道: 俄罗斯政府机构 Roskomnadzor 下属的“互联网监控和控制中心” (CMU SSOP) 去年 11 月指责 Cloudflare 部署 Encrypted Client Hello 侵害了各国网络主权，并有效地阻止了其 ECH 连接。在“主权互联网法案”授权之下，他们持续干扰西方科技公司在俄运作，Google 和 Wikipedia 已经“夹着尾巴逃跑了”，接下来是 Cloudflare。
先演习一下，这次在部分地区完全切断 Cloudflare，起初是中部的、与哈萨克斯坦接壤的新西伯利亚州。后来，不同 ISP 和地区的封锁有差异，大体上集中在俄罗斯中部和东部地区，该国的欧洲部分不受影响。用户报告所有使用了 Cloudflare CDN 的网站，都无法被打开。包括邻国的 DeepSeek、测速站 Speedtest、w3.org，以及臭打游戏的们的 Discord、EA、Nexus mods、VRChat。Cloudflare Radar 显示部分 ISP，比如 ZSTTKAS（AS21127）的 HTTP 流量接近清零。
“演习”结束，DeepSeek 率先被解封。这期间一名用户声称使用 chat.deepseek.com 作为 TLS hello，Discord 聊天就能“迅速打开”。本人推测这并不是已被 Cloudflare 禁止的域前置：封锁和解封与否是基于 IP 地址，而不是 HTTPS SNI。
可能的关联是：Roskomnadzor 在本月 20 日说要“对俄罗斯服务和电信运营商使用外国服务器基础设施进行定期技术检查”、以及“研究在确保网络主权的框架内制定改善上述服务的稳定性和安全性的措施”。不过本人看不出来封锁 IP 地址、导致俄国人上不去使用 Cloudflare CDN 的网站是如何改善稳定和安全的。
Cloudflare Status 记录了此次短暂封锁，现在其已被标记为“解决”。

Как китайскому автогиганту удалось обогнать Tesla на годы.

关键词数据泄露一个名为“rose87168”的威胁行为者声称从 Oracle 云服务器窃取了 600 万条记录

关键词零日漏洞俄罗斯漏洞经纪公司 Operation Zero 已公开宣布为 Telegram 零日漏洞提供高

关键词个人信息“开盒”是互联网中一种隐秘而危险的黑产，源于贴吧文化，类似于人肉搜索。

Currently trending CVE - Hype Score: 1 - IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

Какие меры против нелегальных трансляций примет техногигант?

Name: FooBar CTF 2025 (an FooBarCTF event.)
Date: March 22, 2025, 6:30 a.m. — 23 March 2025, 06:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://foobarctf.nitdgplug.org/
Rating weight: 35.73
Event organizers: Alchemists of Kernel

A vulnerability classified as critical has been found in Autodesk AutoCAD. Affected is an unknown function of the component STEP File Parsing. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-23147. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Autodesk AutoCAD and classified as critical. This vulnerability affects unknown code of the component X_B File Parser. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-23143. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Autodesk AutoCAD. Affected by this issue is some unknown functionality of the component X_B File Parser. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-23146. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Autodesk AutoCAD. This affects an unknown part of the component X_B File Parser. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-23146. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Autodesk AutoCAD. Affected by this vulnerability is an unknown functionality of the component SLDDRW File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-23149. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Autodesk AutoCAD and classified as critical. This issue affects some unknown processing of the component 3DM File Parser. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-23143. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Autodesk AutoCAD. It has been classified as critical. Affected is an unknown function of the component 3DM File Parser. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-23143. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Autodesk AutoCAD. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component CATPRODUCT File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2024-37006. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-2690. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-2689. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-2688. The attack needs to be done within the local network. Furthermore, there is an exploit available.

Submit #521718 / VDB-300711